On 08/27/2015 11:15 AM, Jason Wang wrote:


On 08/26/2015 05:59 PM, Yang Hongyang wrote:
This patch add a new object netfilter, capture all network packets.
Also implement a netbuffer based on this object.
the "buffer" netfilter could be used by VM FT solutions like
MicroCheckpointing, to buffer/release packets. Or to simulate
packet delay.

You can also get the series from:
https://github.com/macrosheep/qemu/tree/netfilter-v8

Usage:
  -netdev tap,id=bn0
  -netfilter buffer,id=f0,netdev=bn0,chain=in,interval=1000
  -device e1000,netdev=bn0

dynamically add/remove netfilters:
  netfilter_add buffer,id=f0,netdev=bn0,chain=in,interval=1000
  netfilter_del f0

NOTE:
  interval's scale is microsecond.
  chain is optional, and is one of in|out|all, default is "all".
        "in" means this filter will receive packets sent to the @netdev
        "out" means this filter will receive packets sent from the @netdev
        "all" means this filter will receive packets both sent to/from
              the @netdev

TODO:
  - dump

v8:
  - some minor fixes according to Thomas's comments
  - rebased to the latest master branch

v7:
  - print filter info when execute 'info network'
  - addressed Jason's comments

v6:
  - add multiqueue support, please see individual patch for detail

v5:
  - add a sent_cb param to filter receive_iov api
  - squash the 4th patch into patch 3
  - remove dummy sent_cb (buffer filter)
  - addressed Jason's other comments, see individual patches for detail

v4:
  - get rid of struct Filter
  - squash the 4th patch into patch 2
  - fix qemu_netfilter_pass_to_next_iov
  - get rid of bh (buffer filter)
  - release the packet to next filter instead of to receiver (buffer filter)

v3:
  - add an api to pass the packet to next filter
  - remove netfilters when delete netdev
  - add qtest testcases for netfilter
  - addressed comments from Jason

v2:
  - add a chain option to netfilter object
  - move the hook place earlier, before net_queue_send
  - drop the unused api in buffer filter
  - squash buffer filter patches into one
  - remove receive() api from netfilter, only receive_iov() is enough
  - addressed comments from Jason&Thomas

v1:
  initial patch.

Yang Hongyang (11):
   net: add a new object netfilter
   init/cleanup of netfilter object
   netfilter: add netfilter_{add|del} commands
   netfilter: hook packets before net queue send
   move out net queue structs define
   netfilter: add an API to pass the packet to next filter
   netfilter: print filter info associate with the netdev
   net/queue: export qemu_net_queue_append_iov
   netfilter: add a netbuffer filter
   filter/buffer: update command description and help
   tests: add test cases for netfilter object

  hmp-commands.hx         |  30 +++++
  hmp.c                   |  29 +++++
  hmp.h                   |   4 +
  include/net/filter.h    |  64 ++++++++++
  include/net/net.h       |   1 +
  include/net/queue.h     |  26 ++++
  include/qemu/typedefs.h |   1 +
  include/sysemu/sysemu.h |   1 +
  monitor.c               |  33 +++++
  net/Makefile.objs       |   2 +
  net/filter-buffer.c     | 125 ++++++++++++++++++
  net/filter.c            | 332 ++++++++++++++++++++++++++++++++++++++++++++++++
  net/filters.h           |  17 +++
  net/net.c               |  85 +++++++++++++
  net/queue.c             |  31 +----
  qapi-schema.json        | 100 +++++++++++++++
  qemu-options.hx         |  17 +++
  qmp-commands.hx         |  57 +++++++++
  tests/.gitignore        |   1 +
  tests/Makefile          |   2 +
  tests/test-netfilter.c  | 194 ++++++++++++++++++++++++++++
  vl.c                    |  13 ++
  22 files changed, 1140 insertions(+), 25 deletions(-)
  create mode 100644 include/net/filter.h
  create mode 100644 net/filter-buffer.c
  create mode 100644 net/filter.c
  create mode 100644 net/filters.h
  create mode 100644 tests/test-netfilter.c


Looks good to me. After addressing comments of interfaces, I think it
was pretty ready to be merged.

Thank you, I will address them asap.


Thanks
.


--
Thanks,
Yang.

Reply via email to